Content distribution systems include content consumers that consume data and content publishers that publish data to content consumers. In an environment such as the Internet or World Wide Web (WWW or the “web”), content publishers are typically web servers. Content consumers are web clients which access the content of the web server.
Three characteristics of a content distribution system are worth noting.
First, there are usually a large number of content consumers corresponding to one content provider. Moreover, many content consumers have limited computation power. For example, a web client can be a hand-held device. Thus, it is desirable to reduce the overhead associated with retrieving the content provided by content providers.
Second, a content consumer usually selectively retrieves the objects provided by content providers instead of retrieving all of the objects.
Third, content consumers often retrieve content through a third party. The third party should have the capacity to serve a large number of content consumers. After receiving the content from the content provider, the third party can service the requests of content consumers through its cache and thus offload load from the content providers. For example, a consumer can retrieve the content of a web server through a web cache. This scenario is especially common in peer-to-peer and grid computing environments. Thus, the third party needs to have some capacity to convince the content consumer that the content fetched is indeed produced by the content provider.
Content distribution systems may employ the Secure Sockets Layer (SSL) protocol. SSL is a secure web-based transport protocol that allows communication between two parties to be authenticated. By way of example, the SSL protocol is described in detail in A. Freier et al., “The SSL Protocol Version 3.0.” Each of the two parties has a public key. In the beginning of the communication, two parties generate a shared key with their public key. The subsequent communication is then encrypted symmetrically with the shared key to reduce overhead of authentication. Authentication with SSL requires both ends of the communication to be trusted and secure. Thus, SSL can not allow authentication to go through an un-trusted or non-secure infrastructure or intermediate layer.
Content distribution systems may also employ techniques for authenticating a stream of packages such as, for example, those disclosed in C. K. Wong et al., “Digital Signatures for Flows and Multicasts,” IEEE/ACM Transactions on Networking, pp. 502-513, August 1999. By linking later packets to earlier packets, the overhead of public key signatures of initial packets are amortized over many subsequent packets. Various link structures are proposed to allow the later packets to be reachable through links even when there are packet losses. In a packet stream, packets are produced and consumed in a fixed order, and each packet can not be modified. Whereas in content distribution, objects can be accessed in any order, and objects can be modified in any order.
Accordingly, a need exists for techniques which overcome the above-mentioned and other limitations associated with existing content distribution systems.